Can Employers Find the Employee Privacy Sweet Spot? (Part II)

In part I, we examined whether a balance can be struck between business imperatives and employee privacy. In this second and final part of the article we delve into just how employee privacy issues have been treated under the law and delve further into the rights and responsibilities of both employer and employee.

Good news or bad news?

For employees the good news is that, at least in the United States there has been some efforts to recognise that a sense of balance is required. What may be good business practice may cross some ethical and moral boundaries.

In a 2013 presentation on employee monitoring, Mark S. Dichter and Michael S. Burkhardt of the law firm Morgan, Lewis & Bockius explain that courts have tried to balance “an employee’s reasonable expectation of privacy against the employer’s business justification for monitoring.”

The bad news – employees have a very hard time convincing a court of law that they have the right to privacy.

Before you continue reading, how about a follow on LinkedIn?

A Santa Clara University (SCU) study on ethics reveals that in a recent court case (Smyth v. Pillsbury Co.), Michael Smyth argued that his employee privacy was violated and he was wrongfully discharged from his job after his employers read e-mails that he had exchanged with his supervisor. In the electronic messages, among other offensive references, he threatened to “kill the backstabbing bastards” in sales management.

The court ruled that Smyth had “no reasonable expectation of privacy” on his employer’s system, despite the fact that Pillsbury had repeatedly assured employees that their e-mail was confidential. In addition, the court held that the company’s interest in preventing “inappropriate and unprofessional” conduct outweighed Smyth’s employee privacy rights.

A 2015 article in Human Rights Magazine put it bluntly.

The bottom line is that employers can monitor every e-mail, text message, Web site visit, or other activity that takes place on a company-owned device. Despite the reassuring language about the need for balance, no employee has ever won a case against his or her employer for computer monitoring.

Increasing levels of monitoring

The debate is not going away anytime soon.

In late 2013, a software package came on the market that allows employers to monitor their employees’ Internet use in the workplace. It employs a database of 45,000 Web sites that are categorized as “productive,” “unproductive,” or “neutral,” and rates employees based on their browsing. It identifies the most frequent users and the most popular sites. The name of this software – ‘LittleBrother.’

This is only one example of the many pieces of software that allow companies to keep track of employee activity. There are also programs to search e-mails and programs to block objectionable Web sites. Beyond installing monitoring software to check that their employees are working, companies can simply access email caches on servers to read employee e-mail. The delete button of an employee’s keyboard is now of extremely limited use when it comes to ensuring employee privacy.

In the latest news an Ottawa company, Punchtime has become one of the latest entries into the increasingly lucrative market of employee tracking and metric collection. However, the technology is raising issues surrounding an employer’s right to know versus an employee’s right to privacy.

Punchtime’s marketing is straight to the point – “Who, what, when and where. Simple and smart time tracking that keeps you and your team focused on real work.” The Punchtime app was created by three businessmen to help employers automate time sheets and payroll for their employees.

“At its core, it’s employee metrics. We gather information about employees every day: what they’re doing, when they’re doing it and where they’re doing it,” said Chris Desjardins, co-founder and CEO of Punchtime Inc.

Chris Desjardins, co-founder and CEO Punchtime Inc., says his company believes workers have the right to employee privacy. A fine sentiment, but without any form of protection employees (and their data) are subject to enormous risks.

Possibly. However business is presented with an opportunity to grow relationships with employees, rather than foster a culture of distrust.

The debate should not be how – but why

Gilles LeVasseur, a University of Ottawa professor specialising in labour and corporate law, said the devil is in the details. Of course. As with any relationship based on trust and a healthy dose of financial interest it always is.

Employee performance is usually based on results, but technologies like Punchtime could put more of a focus on the execution of individual tasks – and potentially ignore any questions of context. In essence, technology like this risks turning employees into units of production – rather than human beings.

Privacy is not absolute. Sometimes, as in the case of law enforcement, invasions of privacy may be warranted. In “Privacy, Morality, and the Law,” William Parent, a philosophy professor at SCU, sets out six criteria for determining whether an invasion of privacy is justifiable:

For what purpose is the undocumented personal knowledge sought?

Is this purpose a legitimate and important one?

Is the knowledge sought through invasion of privacy relevant to its justifying purpose?

Is invasion of privacy the only or the least offensive means of obtaining the knowledge?

What restrictions or procedural restraints have been placed on the privacy-invading techniques?

How will the personal knowledge be protected once it has been acquired?

These are particularly important questions for both employees and employers to ponder.

Why legal protection for employee privacy lags

John Bannister Gibson (1780-1853) the American jurist once said (in the Pennsylvania Supreme Court) that the ‘millstones of Justice turn exceedingly slow, but grind exceedingly fine.’ That may be true, but Moore’s law (current definition, approved of by Moore himself, is that data density doubles approximately every 18 months) waits for no man.

One of the challenges is that the pace of technological innovation simply outstrips the ability of the law to keep pace.

Both parties – employer and employee will be at loggerheads until they achieve legal parity.

Who watches the watchers?

Given this state of affairs it seems that it will remain the responsibility of companies themselves to decide on the parameters of employee privacy in close consultation with their human resource departments.

In a world where competitive pressures seem to grow in lockstep with technological innovation, the organisation is under continuous pressure to ensure that they walk the fine line between the employee’s right to privacy and the ethical use of data. In other words, employers must decide why the data is required, as well as how they will protect that data once it is gathered.

However, the question of who is the ultimate arbiter of the limits of privacy remains one that has puzzled great minds for ages. The 1st/2nd century Roman poet Juvenal wrote in his work Satires, ‘Quis custodiet ipsos custodes?’ or ‘who will watch the watchers?1

However, the question of who is the ultimate arbiter of the limits of privacy remains one that has puzzled great minds for ages. The 1st/2nd century Roman poet Juvenal wrote in his work Satires, ‘Quis custodiet ipsos custodes?’ or ‘who will watch the watchers?<sup>1</sup>

As technology becomes more advanced, the question remains not whether those in authority can increase their levels of monitoring and potential invasion of privacy – but whether they should – and who is responsible for setting the limits on the activities of business.

The balance between employee privacy and productivity

The accepted corporate stance is that companies should and must realise that their greatest assets are the human capital that they have, but there must be a balance – without profit and optimising human capital there will simply be no enterprise, at the same time employees must be forthright in their defence of their right to privacy and personal data protection.

At the same time those who enter employment contracts must balance their right to privacy with their own responsibility. They have willingly entered into a contract that is performance based – they cannot expect any organisation to willingly sacrifice productivity on the altar of their employee’s personal lives in the form of personal emails and web surfing.

And they cannot expose themselves to attacks by those who would exploit the nature of data sharing either within the day to day operations of their employees or in their personal lives.

The solution is to build a robust firewall between personal data use and corporate life. The question remains – is this even possible?

With increased employee monitoring, is there a #privacy sweet spot for employers? Click to Tweet

And again – who is the watcher or guardian for both employees and employers? A question well worth asking with the discussion around privacy and data security.

1 Various translations have been accepted including ‘who will guard the guards.’

Sarah Meyer is a technology writer for more than 10 years. She writes on public policy issues with a focus on cybersecurity and personal data protection. Sarah has previously worked for large multinational cybersecurity companies in the areas of government relations and public policy engagement.